// 实现了AgentSecurity类，主要负责系统安全防护
export class AgentSecurity {
  private blacklist = [
    "rm -rf", "format", "delete", "drop", "exec", "eval",
    "password", "token", "key", "secret"
  ];

  private rateLimit = new Map<string, number[]>();

  validateInput(input: string): { valid: boolean; reason?: string } {
    // 敏感词检查
    for (const word of this.blacklist) {
      if (input.toLowerCase().includes(word)) {
        return { valid: false, reason: `包含敏感词：${word}` };
      }
    }

    // 长度限制
    if (input.length > 1000) {
      return { valid: false, reason: "输入过长" };
    }

    return { valid: true };
  }

  // 使用滑动窗口算法实现基于用户会话的限流，默认 60 秒内最多允许 10 次请求
  checkRateLimit(userId: string, limit = 10, window = 60000): boolean {
    const now = Date.now();
    const userRequests = this.rateLimit.get(userId) || [];

    // 清理过期请求
    const validRequests = userRequests.filter(time => now - time < window);

    if (validRequests.length >= limit) {
      return false;
    }

    validRequests.push(now);
    this.rateLimit.set(userId, validRequests);
    return true;
  }
}
